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DETAILED ACTION 



1 . This office action is in response to applicant's response filed on 01/27/2009. 

2. Claims 1 -5, 8,10-11,13-14,1 7-21 , 24, 26-27, 29-30, 33-35, and 37-43 are 
pending. 

3. Claims 6-7, 9, 1 2, 1 5-16, 22-23, 25, 28, 31 -32, 36 and 44-48 are cancelled. 

4. Claims 1, 17 and 33 are amended. 

5. Examiner withdraws objection to the claims due to correction by the applicant. 

6. NEW 35 U.S.C § 101 rejection on claims 1-5, 8, 10-11, 13-14, 17-21, 24, 26-27, 
29-30, 33-35 and 37-43, please see the office action below. 

7. Applicant's arguments have been fully considered. 

8. When responding to the Office action, Applicant is advised to clearly point out the 
patentable novelty the claims present in view of the state of the art disclosed by the 
reference(s) cited or the objection made. A showing of how the amendments avoid such 
references or objections must also be present. See 37 C.F.R. 1 .1 1 1(c). 



Response to Arguments 



1. Applicant's arguments with respect to claims 1-5, 8, 10-11, 13-14, 17-21,24,26- 
27, 29-30, 33-35, and 37-43 have been considered but are moot in view of the new 
ground(s) of rejection. 
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Claim Rejections - 35 USC § 101 
1. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 1-5, 8,10-11 and 13-14 are rejected under 35 U.S.C. 101 based on 
Supreme Court precedent and recent Federal Circuit decisions, a 35 U.S.C § 101 
process must (1 ) be tied to a particular machine or (2) transform underlying subject 
matter (such as an article or materials) to a different state or thing, in re Bilski et al, 88 
USPQ 2d 1 385 CAFC (2008); Diamond v. Diehr, 450 U.S. 1 75, 1 84 (1 981 ); Parker v. 
Flook, 437 U.S. 584, 588 n.9 (1978); Gottschalk v. Benson, 409 U.S. 63, 70 (1972); 
Cochrane v. Deener, 94 U.S. 780,787-88 (1876). 

An example of a method claim that would not qualify as a statutory process 
would be a claim that recited purely mental steps. Thus, to qualify as a § 101 statutory 
process, the claim should positively recite the particular machine to which it is tied, for 
example by identifying the apparatus that accomplishes the method steps, or positively 
recite the subject matter that is being transformed, for example by identifying the 
material that is being changed to a different state. 

Here, applicant's method steps are not tied to a particular machine and do not 
perform a transformation. Thus, the claims are non-statutory. 
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The mere recitation of the machine in the preamble with an absence of a 
machine in the body of the claim fails to make the claim statutory under 35 USC 101 . 
Note the Board of Patent Appeals Informative Opinion Ex parte Langemyer et al. 

Claims 17-21, 24, 26-27 and 29-30 are rejected under 35 U.S.C. 101 based on 
the claims lack the necessary physical articles or objects to constitute a machine or a 
manufacture within the meaning of 35 USC 101 . They are clearly not a series of steps 
or acts to be a process nor are they a combination of chemical compounds to be a 
composition of matter. As such, they fail to fall within a statutory category. They are, at 
best, functional descriptive material perse. Descriptive material can be characterized as 
either "functional descriptive material" or "non-functional descriptive material." Both 
types of "descriptive material" are non-statutory when claimed as descriptive material 
perse, 33 F.3d at 1360, 31 USPQ2d at 1759. When functional descriptive material is 
recorded on some computer-readable medium, it becomes structurally and functionally 
interrelated to the medium and will be statutory in most cases since use of technology 
permits the function of the descriptive material to be realized. Compare In re Lowry, 32 
F.3d 1579, 1583-84, 32 USPQ2d 1031, 1035 (Fed. Cir. 1994). Merely claiming non- 
functional descriptive material, i.e., abstract ideas, stored on a computer-readable 
medium, in a computer, or on an electromagnetic carrier signal, does not make it 
statutory. See Diehr, 450 U.S. at 185-86, 209 USPQ at 8 (noting that the claims for an 
algorithm in Benson were unpatentable as abstract ideas because "[t]he sole practical 
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application of the algorithm was in connection with the programming of a general 
purpose computer."). 

Claims 33-35 and 37-43 are rejected under 35 U.S.C. 101 based on claimed 
subject matter lacks a practical application of a judicial exception (law of nature, 
abstract idea, naturally occurring phenomenon) since it fails to produce a useful, 
concrete and tangible result. 

Specifically, the claimed subject matter does not produce a tangible result 
because the claimed subject matter fails to produce a result that is limited to having real 
world value rather than a result that may be interpreted to be abstract in nature as, for 
example, a thought, a computation, or manipulated data. More specifically, the claimed 
subject matter provides for the conditional statement : "if the application evidence 
satisfies the at least one condition specified in a security policy specification for trusting 
the at least one application, wherein the security policy specification defines multiple 
policy levels, and wherein permissions are granted on a computer system based on the 
permission grant set, the policy manager further calculating an intersection of the first 
and the second permission grant sets to determine whether the access to the protected 
file the third code assembly is permitted, a manifest defining...; application evidence to 
determine...; a leader to load the first...; and a policy manager to evaluate..." happens. 
What would happens if the: "if clause does not do the above conditions? This produced 
result remains in the abstract and, thus, fails to achieve the required status of having 
real world value. 
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Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1 , 2, 4-5, 8, 9-1 1 , 13-14, 17-18, 20-21 , 24, 26-27, 29-30, 33, 35, 37-39, 
and 41-43 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gong, US 
Patent No. 6,044,467 in view of Scheifler et al., Patent No.: US 6,389,540 B1 . 

Referring to claims 1, 2, 17-18, and 33, Gong teaches a computer program 
product, a system, a computer-readable medium and a method comprising: 

receiving a manifest defining first, second, and third code assemblies that are 
members of at least one application, wherein the manifest defines at least one trusted 
application and application evidence for making a trusted decision [abstract, 6:30-43; a 
search is performed for the code equate a manifest which defines trusted application 
and a predetermined mapping of code sources equate application evidence for making 
a trusted decision/permission]; 
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evaluating the application evidence to determine if the at least one application is 
trusted [11:58 - 12:5 and fig. 2B; a code source that is mapped corresponding to 
evaluating the application evidence]. 

Gong does not appear to explicitly teach: 

generating a first, a second, and a third permission grant set for the first, the 
second, and the third code assembly, respectively, that are members of the at least one 
application if the application evidence satisfies at least one condition for trusting the at 
least one application; 

passing the permission grant to a run-time call stack; 

calling the second code assembly by the first code assembly; 

calling the third code assembly by the second code assembly, the third code 
assembly attempting access of a protected file; and 

calculating an intersection of the first and the second permission grant sets to determine 
whether the access to the protected file is permitted. However, Scheifler teaches the 
permission objects, protection domain objects, and policy objects described above are 
used to determine access rights of a thread. According to an implementation consistent 
with the present invention, such access rights vary over time based on what code the 
thread is currently executing, and on which executor's behalf the thread is currently 
executing. The sequence of calls that resulted in execution of the currently executing 
code of a thread is reflected in the call stack of the thread. Reference to an exemplary 
call stack shall be made to explain the operation of a security mechanism that enforces 
access rights in a way that allows the rights to vary over time, [abstract, 13:26-38 and 



Application/Control Number: 10/705,756 Page 8 

Art Unit: 2434 

fig. 6]. Scheifler further teaches in fig. 6, a call stack 6100 associated with a thread 
6200 in which the method 6300-1 of an object 4500-1 calls the method 6300-2 of 
another object 4500-2 that calls the method 6300-3 of yet another object 4500-3 that 
calls a check permission method 6400 of an access controller object 6500 [13:39-44 
and fig. 6; 6300-1 calls 6300-2 that calls 6300-3 that calls a check permission method 
6400 of an access controller object 6500 equate calling the second code assembly by 
the first code assembly; calling the third code assembly by the second code assembly, 
the third code assembly attempting access of a protected file (also see 13:45 - 15:28 
for details)]. Gong and Scheifler are analogous art because both teach stack based 
access control. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to modify the method of Gong to include stack based access control using code 
of Scheifler because the call stack stores representations of the methods and executors 
in an order of invocation by the operation. The execution unit grants access to the 
resource when the types of access authorized by the permissions of all of the methods 
and executors on the call stack encompass the access requested by the operation 
[abstract and fig. 6], please see KSR International Co. v. Teleflex Inc., 550 U.S-, 82 
USPQ2d 1385 (2007) for further interpretation. 

Referring to claims 4, 5, 20, 21 and 35, Gong teaches a computer program 
product, a system, a computer-readable medium and a method further comprising 



Application/Control Number: 10/705,756 Page 9 

Art Unit: 2434 

evaluating application evidence at an application level/group level and a code assembly 
level before trusting the at least one application [11:12-16, 13:66-14:2 and figs. 2B]. 

Referring to claims 8, 24, and 37, Gong teaches a computer program product, a 
system, a computer-readable medium and a method further comprising determining if 
the code assembly is a member of the at least one application [7:20-25]. 

Referring to claims 10, 26 and 38, Gong teaches a computer program product, a 
system, a computer-readable medium and a method, wherein satisfying at least one 
trust condition is based at least in part on evidence provided with the at least one 
application [6:35-43]. 

Referring to claims 1 1 , 27 and 39, Gong teaches a computer program product, a 
system, a computer-readable medium and a method, wherein satisfying at least one 
trust condition is based at least in part on evidence external to the at least one 
application [13:66 - 14:2]. 

Referring to claims 13, 29 and 41 , Gong teaches a computer program product, a 
system, a computer-readable medium and a method, wherein satisfying at least one 
trust condition is based on evidence from user interaction [10:31-39]. 
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Referring to claims 14, 30 and 42, Gong teaches a computer program product, a 
system, a computer-readable medium and a method, wherein satisfying at least one 
trust condition is based on evidence from evaluation of previous trust decisions [13:66 - 
14:2; the received code source corresponding to previous trust decisions]. 

Referring to claim 43, Gong teaches a computer program product, a system, a 
computer-readable medium and a method further comprising a security policy 
specification defining the condition [11:58 - 12:5-11 and fig. 2B]. 

3. Claims 3, 19, 34 and 40 are rejected under 35 U.S.C. 103(a) as being obvious 
over Gong Patent No. 6,044,467 in view of Lao et al. Pub. No. US 2003/0220880 A1 . 

Referring to claims 3, 19, 34 and 40, Gong teaches a method of receiving a 
manifest defining first and second code assemblies that are members of at least one 
application, wherein the manifest defines at least one trusted application and application 
evidence for making a trusted decision (see claim 1 above). Gong further teaches 
generating a permission grant set for each code assembly [6:45-50]. Gong does not 
appear to explicitly teach a method wherein evaluating application evidence is based at 
least in part on an XrML license. However, Lao teaches a method such that access is 
granted based on a license, such as an XrML license, and the like, can be presented 
[paragraph 0166]. Gong and Lao are analogous art because both teach application 
security. 
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At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to modify the method of Gong to include a method such that access is granted 
based on a license, such as an XrML license of Lao because XrML license controls and 
specifies a manner of use of consumption of a distributed network service, please see 
KSR International Co. v. Teleflex Inc., 550 U.S-, 82 USPQ2d 1385 (2007) for further 
interpretation. 



Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to YONAS BAYOU whose telephone number is (571)272- 
7610. The examiner can normally be reached on m-f,7:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571-272-381 1 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Yonas Bayou/ 
Examiner, Art Unit 2434 
04/29/2009 
/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2434 



